InfoSecBulletin Cybersecurity for mankind
On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, cross-sector, and nationally significant risks. It will also create the 2025 National Infrastructure Risk Management Plan (National Plan) to guide federal efforts in the coming years.
As the National Coordinator for critical infrastructure security and resilience, the Cybersecurity and Infrastructure Security Agency (CISA) will create a forward-looking National Plan. It will use all available federal tools, resources, and authorities to manage and decrease risks at the national level, including risks that affect multiple critical infrastructure sectors. CISA will seek assistance from its partners and other Sector Risk Management Agencies (SRMAs) throughout the year while developing this important document.
Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI
App builiding platform exposes over 3 million records, including PII
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
The National Plan Must Account for the Evolution of Threats, Vulnerabilities, and Consequences
The 2025 National Plan will outline how the U.S. government will work together with partners to identify and handle national risks. This plan is a continuation of the 2013 National Plan, which emphasized the importance of risk management in enhancing the security of critical infrastructure. However, there is a need for evolution in light of the increasing vulnerabilities and threats that could have widespread consequences. Fortunately, in the past decade, Congress and successive administrations have established new agencies, authorities, and partnerships that enable a comprehensive approach to national risk management. The primary responsibility for implementing this approach through the National Plan falls on CISA, as the National Coordinator.
The National Plan will be Informed by a New Risk Management Cycle
The NSM-22 introduces a new risk management cycle for SRMAs. They will identify, assess, and prioritize risks in their sectors and create risk management plans. CISA will use these plans to identify and prioritize risks at a systemic, cross-sector, and national level. This will help them focus on reducing risk in collaboration with federal, state, local, private, and international partners. The National Plan will acknowledge that it is not possible to protect all critical infrastructure from every threat. Instead, it will outline efforts to make critical infrastructure resilient against the highest-priority risks identified in sector and cross-sector assessments. CISA and other federal partners will also work closely with SRMAs to manage risks specific to their sectors.
We Need You for Us to be Successful:
The U.S. government is developing a new approach to manage risks in critical infrastructure due to technological advancements and global volatility. This includes systems such as energy grids, water systems, transportation networks, healthcare facilities, and communication systems, essential for public safety, economic stability, and national security. With increased interconnectivity, reliance on global technologies and supply chains, and geopolitical tensions, these systems are vulnerable to various threats. Managing these risks will need a national effort involving federal agencies, state, local, tribal, territorial governments, infrastructure owners and operators, and other stakeholders.
We are responsible for keeping the U.S. critical infrastructure secure and resilient. We need to be prepared for new risks and an uncertain future while also keeping an eye out for long-standing threats like terrorism, natural disasters, and targeted violence. Building strong partnerships between the federal government, private-sector, and SLTT partners is crucial for protecting the nation’s critical infrastructure.
In order for the 2025 National Plan to achieve success, it is essential that our partners actively collaborate with us to shape its development and eventual execution. We kindly request your support in working closely with your respective SRMAs throughout the process of creating your sector risk assessments and sector risk management plans. These crucial contributions will serve as the bedrock for the National Plan.
We also invite you to reach out to us at [email protected] to share any innovative ideas or suggestions you may have. Your inputs will truly be invaluable as we strive to formulate a comprehensive plan that enables the U.S. government to effectively prioritize our risk mitigation endeavors and enhance the resilience of the critical infrastructure that lies at the heart of American society. Together, we can create a safer and more secure future for all.
